[Owasp-testing] [Owasp-leaders] Public release of the OWASP TESTING GUIDE v4

Fabio Cerullo fcerullo at owasp.org
Wed Sep 17 17:13:36 UTC 2014


Congrats to you and everyone involved... the quality is superb!

Is it possible to order print copies through Hulu?


On Wed, Sep 17, 2014 at 9:03 AM, Andrew Muller <andrew.muller at owasp.org>

> Folks,
>   OWASP is proud to announce the public release of the OWASP Testing Guide
> version 4.
> As a rich and diverse security community we should be proud of the
> achievement and we'd like to thank and congratulate everyone that authored
> or reviewed the Guide.
> You'll notice several changes between v3 and v4. Some sections have been
> renamed, removed or reworked, but overall the OWASP Testing Guide version 4
> improves on
> version 3 in three ways:
> *1.* This version of the Testing Guide integrates with the two other
> flagship OWASP documentation products: the Developers Guide and the Code
> Review Guide. To achieve this we aligned the testing categories and test
> numbering with those in other OWASP products. The objective of the Testing
> and Code Review Guides is to evaluate the security controls described by
> the Developers Guide.
> *2.* All chapters have been improved and test cases expanded to 87 (64
> test cases in v3) including the introduction of four new chapters and
> controls:
> - Identity Management Testing
> - Error Handling
> - Cryptography
> - Client Side Testing
> *3.* This version of the Testing Guide encourages the community not to
> simply accept the test cases outlined in this guide. We encourage security
> testers to integrate with other software testers and devise test cases
> specific to the target application. As we find test cases that have wider
> applicability we encourage the security testing community to share them and
> contribute them to the Testing Guide. This will continue to build the
> application security body of knowledge and allow the development of the
> Testing Guide to be an iterative rather than monolithic process.
> As we continue to improve our tools and documentation, we'd like to ask
> you to support OWASP to reach the following goals:
>   *Continuously improve the guide*.
> The Guide is a "live" document: we always need your feedback! Tell us what
> you love. Tell us what you love less.
> Please join our testing mailing list and share your ideas:
> http://lists.owasp.org/mailman/listinfo/owasp-testing
>   *Promote the Testing Guide*.
> We would like to have some more media coverage on the Guide, so please, if
> you know somebody that can help please put them in touch with us.
> If you have the chance, you can write an article about the Testing Guide
> and other new OWASP Projects.
>   *Add 'quotes' to the Guide*.
> We made a special 'quotes' pages for the Testing Guide.
> Here we'd link you to add comments and references to the Guide.
> http://www.owasp.org/index.php/OWASP_Testing_Guide_Quotes
> The OWASP Testing Guide includes a "best practice" penetration testing
> framework which users can implement in their own organizations and a "low
> level" penetration testing guide that describes techniques for testing most
> common web application and web service security issues.
> Download or browse the Guide now from:
> - https://www.owasp.org/images/1/19/OTGv4.pdf
> - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
> regards,
> ____________________
> *Andrew Muller*
> Canberra OWASP Chapter Leader
> OWASP Testing Guide Co-Leader
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20140917/e9e869d7/attachment.html>

More information about the Owasp-testing mailing list